Installing Linux on a Lenovo EMC px6-300d

px6_case Today I received my new storage solution / NAS / file server for my living room: a Lenovo EMC px6-300d.

After booting it the first time, it comes up with a web interface. The interface looks nice but is sprinkled with non-free third-party apps like backup solutions, cloud storage and CCTV management.

The tech spec shows, that the main board is a Intel Atom on and the running OS is Linux-Based. Therefore I opened the case (just 3 normal screws) and removed the main board (4 normal screws).

The system is shipped with 2GB of RAM. I changed these with 2x 4GB DDR3 modules.

px6_serial_connector The main board has a proprietary VGA output somewhere on the board. I’ve look around for an adapter but can’t find one. But, while searching for the main boards model number (which I still can’t find) I found four pins labeled SERIAL_B. Using my multimeter I found a pin providing stable 5V (power), a pin providing round about 3V (TX), a pin which is not connected (RX) and a pin connected to ground (GND). I’ve connected a TTL-to-USB-adapter to the pins and opened a terminal. By trying I found the baud rate to be 115200-N-1 and I can see a linux login prompt.

px6_bios As I can’t find the password, I tried to reboot the storage and I can see the BIOS screen and the GRUB screen flashing by. Rebooting again while pressing the DEL-Key (through the serial connection) works well and I can change BIOS settings. The BIOS shows, that the board has a build-in USB hard disk (flash disk) and allows to change the boot order.

Connecting a USB-Stick with ArchLinux installation to the board and choosing to boot from the USB-Stick was the next thing to try. As syslinux comes with a serial configuration of 38400-N-1 I have changed the BIOS settings for the serial console to the same settings. I had to change the redirection of the console to Boot Loader to avoid double redirection. Now, rebooting and pressing F11 during boot allows to choose between the build in disk and the USB-Stick.

px6_usb_stick To keep the serial console alive during installation, the boot record must be edited by pressing the TAB-Key. The following string must be appended:

console=ttyS0,38400n8

Now the arch installer is booting.

Before installing a new Linux to the internal disk (1 GB size), a backup of this disk should be done:

dd if=/dev/sda | gzip > /backup.gz
scp /backup.gz user@1.2.3.4:/target/backup.gz

Now we can install arch linux using the standard installation manual with the following differences:

During the installation of GRUB, the following config located in /etc/default/grub has to be extended:

GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,38400n8"
GRUB_TERMINAL_INPUT="console serial"
GRUB_TERMINAL_OUTPUT="console serial"
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=38400 --word=8 --parity=no --stop=1"

This will configure GRUB to enable serial output (also with 38400n8) for the boot menu and the started kernel.

px6_booting_arch Here we go! A full customizable linux running on the px6. The next step is to control the LCD panel…

References:

Encrypted root on Raspberry Pi

I’m a paranoid guy. Therefore all my disks, connections and mails are encrypted as much as possible.

While building a file storage and backup machine using one of my Raspberry Pis I was playing around with encrypted USB hard disks. While they are working very well on the Pi, I started thinking about encryption of the root partition.

On all my machines the root partition is encrypted and contains a folder with all the key required to decrypt all other hard disks. To do so, I install my system into the encryption container and create a initrd which is able to prompt for the password for the root partition and do the encryption before the kernel is loaded.

As the arch linux image for the Raspberry Pi comes pre-installed and ready to run, the process to create an encrypted root partition for the Pi is a little more complicated.

First step is to download and transfer the latest arch linux image from the interweb:

pv /path/to/archlinux-hf-*img > /dev/mmcblk0; sync

The SD card can be put into the Raspberry Pi the thing can be booted for the first time. As the current image does not use a initrd, the tools to create one are missing and must be installed:

pacman -Syu && pacman -S binutils cryptsetup gzip mkinitcpio

The config file for creating a initrd, /etc/mkinitcpio.conf must be changed to include support for crypted root:

MODULES=""
BINARIES=""
FILES=""
HOOKS="base udev autodetect modconf block filesystems keyboard fsck encrypt"
COMPRESSION="gzip"

Finally, the initrd can be created:

mkinitcpio -g /boot/initrd -v

The next two step is about modifying the boot configuration to use the created initrd while booting and specify the decryption parameters. Therefore the following line must be appended to the file /boot/config.txt in order to load the initrd into the RAM while booting:

initamfs initrd 0x00f00000

The file /boot/cmdline.txt must be changed to use the loaded initrd and to encrypt the root partition during boot:

ipv6.disable=1 selinux=0 plymouth.enable=0 smsc95xx.turbo_mode=Y dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 cryptdevice=/d
ev/mmcblk0p2:root:allow-discards root=/dev/mapper/root rootfstype=ext4 elevator=noop initrd=0x00f00000 rw rootwait

As our kernel and booting system is now able to handle encrypted root partitions, it is time to encrypt the root partition. Therefor the SD card must be removed from the Raspberry Pi and placed back in a PC. There we can create a backup of the data, repartition the SD card, encrypt the root partition and restore the backup:

pv /dev/mmcblk0p5 > rpi.root.img
 
parted /dev/mmcblk0 rm 5
parted /dev/mmcblk0 rm 2
parted /dev/mmcblk0 mkpart primary 95.4M 100%
 
cryptsetup luksFormat /dev/mmcblk0p2
cryptsetup luksOpen /dev/mmcblk0p2 cryptedpi
 
pv rpi.root.img > /dev/mapper/cryptedpi; sync
 
cryptsetup luksClose cryptedpi; sync

Now the SD card can be put back in the Raspberry Pi. While booting it asks for the Password to decrypt the root partition.